From owner-freebsd-ports-bugs@freebsd.org Tue Jun 11 13:09:39 2019 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 93E7C15BA838 for ; Tue, 11 Jun 2019 13:09:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 250BD8B094 for ; Tue, 11 Jun 2019 13:09:39 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id D6D1115BA837; Tue, 11 Jun 2019 13:09:38 +0000 (UTC) Delivered-To: ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 98DFB15BA836 for ; Tue, 11 Jun 2019 13:09:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3439A8B090 for ; Tue, 11 Jun 2019 13:09:38 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 6A6B8180F0 for ; Tue, 11 Jun 2019 13:09:37 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x5BD9bsM045398 for ; Tue, 11 Jun 2019 13:09:37 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x5BD9bK2045397 for ports-bugs@FreeBSD.org; Tue, 11 Jun 2019 13:09:37 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 238498] [MAINTAINER] dns/nsd Upgrade to version 4.2.0 Date: Tue, 11 Jun 2019 13:09:37 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: jaap@NLnetLabs.nl X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback+ X-Bugzilla-Changed-Fields: flagtypes.name Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Jun 2019 13:09:39 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D238498 Jaap Akkerhuis changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |maintainer-feedback+ --- Comment #1 from Jaap Akkerhuis --- This release contains new features, contributed from Sinodun, that implement TCP fast open support and also support for service on DNS over TLS. There is also TLS OCSP stapling support with the tls-service-ocsp option in nsd.conf. The new option hide-identity can be used in nsd.conf to stop NSD from responding with the hostname for probe queries that elicit the chaos class response, this is conform RFC4892. There is a bug fix for memory leaks during zone file read, with duplicate records in the zone file. 4.2.0 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D FEATURES: - Print IP address when bind socket fails with error. - Fix #4249: The option hide-identity: yes stops NSD from responding with the hostname for chaos class queries. Implements the RFC4892 security considerations. - Patch to add support for TCP Fast Open, from Sara Dickinson (Sinodun). - Patch to add support for tls service on a specified tls port, from Sara Dickinson (Sinodun). - Use travis for build check, initial unit test and clang analysis. - TLS OCSP stapling support, enabled with tls-service-ocsp: filename, patch from Andreas Schulze. BUG FIXES: - Fix to delete unused zparser.default_apex member. - Fix that the TLS handshake routine sets the correct event to continue when done. - Fix that TLS renegotiation calls the read and write routines again with the same parameters when the desired event has been satisfied. - Fix that TCP Fastopen has better error message and supports OSX. - Fix to avoid buffer alloc with global buffer in tls write handler. - Fix to initialize event structure when accepting TCP connection. - Disable TLS1.0, TLS1.1 and weak ciphers, enable CIPHER_SERVER_PREFERENCE, patch from Andreas Schulze. - further setup ssl ctx after the keys are loaded, for ECDH. - Fix #10: Fix memory leaks caused by duplicate rr and include instructions. - Fix to define _OPENBSD_SOURCE to get reallocarray on NetBSD. --=20 You are receiving this mail because: You are the assignee for the bug.=